This is Lukepuplett's TypePad Profile.
Lukepuplett
Recent Activity
Websites I've designed have used the technique Oskar describes to make a canonical string from data about the client, which is hashed to make a more individual session key. It works.
A hacker would need to fake a few details about a customer's active session to steal it. It's enough to not be the lowest hanging fruit.
HTTPS wouldn't be too much of a pain, except for maybe upgrading to a NIC that has full TCP/IP and SSL chimney offload to accelerate it, and some possible problems with mixed HTTP/HTTPS content on the same page (ads), and that's probably the biggest barrier to wide-scale SSL adoption.
Luke
Breaking the Web's Cookie Jar
The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here's how it works: Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn't require a password before you can connect to it. Install Firefox and the Firesheep add-in. W...
Lukepuplett is now following The Typepad Team
Nov 15, 2010